In a data transmission between communication devices, not all of information transmitted from a transmission side is received at a receiving end. For example, it is known that a packet loss occurs due to a load state or the like of a network, and, in addition, there is a communication system in which only a part of transmitted data reaches to the receiver as characteristics of a transmission system including a transmitter, a receiver, and a channel that connects them. As an example of such communication system, a quantum key distribution (QKD) system will be described briefly.
It is necessary to share a shared key required for encryption and decryption of information between a transmission end and a receiving end as secret information, and QKD technology is regarded to be promising as a technology to generate and share such secret information. According to the QKD technology, contrary to a conventional optical communication, it is possible to generate and share a common key between a transmitter and a receiver by transmitting a random number with the number of photons per bit equal to one or less. The QKD technology has the security that is based on the principle of quantum mechanics that a photon observed once cannot be completely returned to the quantum state before the observation, not the security that is based on conventional computational complexity.
It is necessary in the QKD technology to carry out several steps before an encryption key used for cryptographic communication is generated. Hereinafter, a generation process of a typical encryption key will be described with reference to FIG. 1.
As shown in FIG. 1, in a single photon transmission, a random number is transmitted through a quantum channel by a weak optical pulse train with the number of photons per bit equal to one or less, as mentioned above. As the QKD method, a BB84 method using four quantum states is widely known (Non Patent Literature 1), for example. When a transmitter transmits an original random number by a single photon transmission, most of it is lost due to the loss or the like of a transmission line; and bits that can be received by a receiver become a very small part of the transmitted bits, which is called a raw key. For example, the data volume that can be received by a receiver is about 1/1000 of the transmitted data volume.
Subsequently, a basis reconciliation, error correction, and privacy amplification processing are performed on the raw key that is received with most of the transmitted random numbers having been lost due to the quantum channel transmission, using a communication channel with normal optical intensity (classical channel). In each step of the basis reconciliation, error correction and, privacy amplification processing, a bit elimination is carried out to eliminate bits disclosed to the other side and the possibility of wiretapping. Thus, in a transmission system in which most of transmitting data is lost in a transmission channel, and data elimination is performed in subsequent processes, a received data volume finally obtained becomes very small compared with the transmitted data volume.